Cybersecurity

The hidden risks of remote software updates

To get a car with the latest automated driving features all it takes in some cases is a couple of software updates — a growing trend with potential safety and cybersecurity risks.

Why it matters: Using a built-in wireless connection to fix a bug or add new functions can be a welcome convenience thatcan alsoprompt people to make needed repairs. But if it means instantly handing over more of the driving task to your vehicle, you could be putting yourself at risk if the new software is glitchy or you don't understand and misuse the car's new capabilities.

Background: Except for the occasional map or infotainment update, most cars are frozen in time when they leave the lot, requiring a trip to the dealership for software-related recalls or updates.

That results in higher warranty costs for automakers and a hassle for car owners.

Tesla pioneered the concept of making cars more capable over time, pushing out hundreds of over-the-air (OTA) updates to things like steering, braking and windshield wipers since introducing its Model S in 2012.

Following the 2015 debut of Autopilot, Tesla has regularly used OTA updates to add more advanced driver-assist features like automatic lane changes.

What's happening: Following Tesla's lead, automakers are beginning to embrace the idea of OTA software updates, whether to handle recalls or add new driving features.

GM and Ford say they'll enable OTA updates by 2020.

Legacy automakers must first design new vehicle electrical architectures that can accept flash updates; Tesla's cars were designed like smartphones to do that from the start.

Tesla's other advantage: it has an in-house team of software developers that can push out updates quickly, notes Gartner Group analyst Mike Ramsey.

Yes, but: Cars are becoming more automated overnight, gaining new superpowers they didn't possess the day before.

Precautions are needed to ensure drivers fully understand and are comfortable with their car's new capabilities — and that remote software updates were completed properly and securely.

Remote updates create potential opportunities for malicious hackers to intercept and replace legitimate software with malware that could affect the car's performance.

Why it matters: Shamoon is destructive malware that has only been seen in the wild three times since 2012 (and one of those is in dispute), including some of the most famous cyberattacks in history. Its return has raised eyebrows.